We are pleased to announce the release of: nova 15.1.4: Cloud computing fabric controller This release is part of the ocata stable release series. Download the package from: https://tarballs.openstack.org/nova/ For more details, please see below. 15.1.4 ^^^^^^ Security Issues * A new policy rule, "os_compute_api:servers:create:zero_disk_flavor", has been introduced which defaults to "rule:admin_or_owner" for backward compatibility, but can be configured to make the compute API enforce that server create requests using a flavor with zero root disk must be volume-backed or fail with a "403 HTTPForbidden" error. Allowing image-backed servers with a zero root disk flavor can be potentially hazardous if users are allowed to upload their own images, since an instance created with a zero root disk flavor gets its size from the image, which can be unexpectedly large and exhaust local disk on the compute host. See https://bugs.launchpad.net/nova/+bug/1739646 for more details. While this is introduced in a backward-compatible way, the default will be changed to "rule:admin_api" in a subsequent release. It is advised that you communicate this change to your users before turning on enforcement since it will result in a compute API behavior change. Changes in nova 15.1.3..15.1.4 ------------------------------ fe0c103 import zuul job settings from project-config f5b8a0a Return 400 when compute host is not found 456b3d6 [stable only] Handle quota usage during create/delete races 2f6ea7b Make ResourceTracker.stats node-specific 3120f40 [stable only] Add functional regression test for bug 1783613 d4179e3 Add recreate test for RT.stats bug 1784705 d2164c9 Default embedded instance.flavor.disabled attribute 09e678e Use instance project/user when creating RequestSpec during resize reschedule 4bd2a8d Ensure resource class cache when listing usages 8392c7f Add policy rule to block image-backed servers with 0 root disk flavor Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 300 ++++++++++++++++++++- api-ref/source/parameters.yaml | 4 +- nova/api/openstack/compute/migrate_server.py | 3 +- nova/api/openstack/compute/servers.py | 3 +- nova/compute/api.py | 50 +++- nova/compute/resource_tracker.py | 23 +- nova/conductor/manager.py | 3 +- nova/exception.py | 5 + nova/objects/instance.py | 15 ++ nova/objects/resource_provider.py | 1 + nova/policies/servers.py | 2 + .../functional/compute/test_resource_tracker.py | 247 +++++++++++++++++ .../functional/regressions/test_bug_1783613.py | 176 ++++++++++++ .../api/openstack/compute/test_migrate_server.py | 21 +- ...cked_for_zero_disk_flavor-b36a6eb4fa8b2964.yaml | 20 ++ 21 files changed, 966 insertions(+), 28 deletions(-)